Description
Security update for squid3
This update for squid3 fixes the following issues:
- CVE-2021-28651: Fixed a denial of service issue when processing URN resource identifiers (bsc#1185921).
- CVE-2020-25097: Fixed an HTTP request smuggling issue (bsc#1183436).
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
squid3-3.1.23-8.16.37.18.1
SUSE Linux Enterprise Server 11 SP4-LTSS
squid3-3.1.23-8.16.37.18.1
References
- Link for SUSE-SU-2022:14914-1
- E-Mail link for SUSE-SU-2022:14914-1
- SUSE Security Ratings
- SUSE Bug 1183436
- SUSE Bug 1185921
- SUSE CVE CVE-2020-25097 page
- SUSE CVE CVE-2021-28651 page
Description
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:squid3-3.1.23-8.16.37.18.1
SUSE Linux Enterprise Server 11 SP4-LTSS:squid3-3.1.23-8.16.37.18.1
References
- CVE-2020-25097
- SUSE Bug 1183436
Description
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:squid3-3.1.23-8.16.37.18.1
SUSE Linux Enterprise Server 11 SP4-LTSS:squid3-3.1.23-8.16.37.18.1
References
- CVE-2021-28651
- SUSE Bug 1185921